Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-5355 YARN Timeline Service v.2: alpha 2
  3. YARN-6820

Restrict read access to timelineservice v2 data



    • Reviewed


      Need to provide a way to restrict read access in ATSv2. Not all users should be able to read all entities. On the flip side, some folks may not need any read restrictions, so we need to provide a way to disable this access restriction as well.

      Initially this access restriction could be done in a simple way via a whitelist of users allowed to read data. That set of users can read all data, no other user can read any data. Can be turned off for all users to read all data.

      Could be stored in a "domain" table in hbase perhaps. Or a configuration setting for the cluster. Or something else that's simple enough. ATSv1 has a concept of domain for isolating users for reading. Would be good to keep that in consideration.

      In ATSv1, domain offers a namespace for Timeline server allowing users to host multiple entities, isolating them from other users and applications. A “Domain” in ATSV1 primarily stores owner info, read and& write ACL information, created and modified time stamp information. Each Domain is identified by an ID which must be unique across all users in the YARN cluster.


        1. YARN-6820-YARN-5355.005.patch
          30 kB
          Vrushali C
        2. YARN-6820-YARN-5355.004.patch
          30 kB
          Vrushali C
        3. YARN-6820-YARN-5355.003.patch
          28 kB
          Vrushali C
        4. YARN-6820-YARN-5355.002.patch
          21 kB
          Vrushali C
        5. YARN-6820-YARN-5355.0001.patch
          21 kB
          Vrushali C
        6. YARN-6820-YARN-5355_branch_2.patch
          30 kB
          Vrushali C

        Issue Links



              vrushalic Vrushali C
              vrushalic Vrushali C
              0 Vote for this issue
              10 Start watching this issue